In an OpenStack deployment, when packets from a nova instance need to reach the external world, they first go through the virtual switch (OpenvSwitch or Linux Bridge) for layer-2 switching, then through the physical NIC of the compute host, and then leave the compute host. Hence, the path of the packets is:

When, single Root I/O Virtualisation (SR-IOV) and PCI pass-through are deployed in OpenStack, the packets from the nova instance do not use the virtual switch (OpenvSwitch or Linux Bridge). They directly go through the physical NIC, and then leave the compute host, thereby bypassing the virtual switch. In this case, the physical NIC does the layer-2 switching of the packets. Hence, the path of the packets is:

A virtual switch (OpenvSwitch or Linux Bridge) may also be used with SR-IOV if an instance needs a virtual switch for layer-2 switching. A virtual switch is just software and obviously does not scale well like a physical NIC when the packet rate is high.

In order to deploy SR-IOV on Cisco's UCS servers, we need the UCSM ml2 neutron plugin developed by Cisco. Here are few links about the UCSM ml2 neutron plugin:

Once the instance is up, ping it and SSH into it (security groups do not work for SR-IOV ports. Please refer the "Known limitations of SR-IOV ports" section at the end of this blog). Make sure that you can ping the gateway of the instance. The packets from the instance will not go through the virtual switch (OpenvSwitch or Linux Bridge). They directly go through the physical NIC of the compute host, and then leave the compute host, thereby bypassing the virtual switch.

Below are the steps to verify SR-IOV (VF) in the UCSM GUI.

Below are the steps to verify that the SR-IOV port does not use OpenvSwitch and bypasses it when sending/receiving packets:

1. Find the compute node on which sr-iov-vm is running.

# nova show sr-iov-vm | grep host

| OS-EXT-SRV-ATTR:host | mc2-compute-12 |

| OS-EXT-SRV-ATTR:hypervisor_hostname | mc2-compute-12 |

2. Find the port ID of the SR-IOV neutron port. d8379d3e-8877-4fec-8b50-ab939dbca797 is the port ID of the SR-IOV port in this case.

# neutron port-list | grep sr-iov-port

3. SSH into the compute host (mc2-compute-12 in this case) and make sure that:

1. There is no interface with d8379d3e in its name on the compute host, and,

2. There is no interface with d8379d3e in the output of "ovs-vsctl show".

# ssh root@mc2-compute-12

[root@mc2-compute-12 ~]# ip a | grep d8379d3e

[root@mc2-compute-12 ~]#

[root@mc2-compute-12 ~]# ovs-vsctl show | grep d8379d3e

[root@mc2-compute-12 ~]#

The above outputs must be empty. This shows that the SR-IOV port is not using OpenvSwitch for layer-2 switching and the physical NIC connected to the SR-IOV port does the layer-2 switching for packets from the instance sr-iov-vm.

On the other hand, in case of an instance booted with a regular OVS (non-SR-IOV virtio) port, the above outputs will not be empty. Below is an example of regular OVS (non-SR-IOV virtio) port (ID f9936cb7-885d-451d-9fc2-a86a670be732) attached to a instance. This OVS (non-SR-IOV virtio) port is part of the br-int (OVS integration bridge) in the output of "ovs-vsctl show".

physical_device_mappings is the comma-separated list of <physical_network>:<network_device> tuples mapping physical network names to the agent’s node-specific physical network device interfaces of SR-IOV physical function to be used for VLAN networks. All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent.

Hey all! Its great to see these forums. I wanted to share some general content I product (alongside others as well in CX) to help get you kick started in AO. Happy to answer questions as much as I can too. I own the technical side of support of the produc...
view more

Hi all, if you have questions about developing on App Dynamics (AppD), please post them to the AppD community. You will likely get a faster and more accurate response. The community is here:https://community.appdynamics.com/t5/Forums-Community-AppDynamics...
view more

I am using Cisco Finesse version (11.5). I just want to get the customer information in Finesse ECE gadget that a customer filled during submitting chat request through pre-chat form like the picture I have attached I just&...
view more